
Side by Side Diff: src/compiler/js-generic-lowering.cc

Issue 1469793002: [builtins] Sanitize the machinery around Construct calls. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: mips64 fix. Created 5 years, 1 month ago
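--- a/src/compiler/js-generic-lowering.cc
+++ b/src/compiler/js-generic-lowering.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/code-factory.h"
 #include "src/code-stubs.h"
 #include "src/compiler/common-operator.h"
 #include "src/compiler/js-generic-lowering.h"
 #include "src/compiler/js-graph.h"
 #include "src/compiler/machine-operator.h"
@@ -533,36 +533,34 @@
 
 void JSGenericLowering::LowerJSCreateScriptContext(Node* node) {
 Handle<ScopeInfo> scope_info = OpParameter<Handle<ScopeInfo>>(node);
 node->InsertInput(zone(), 1, jsgraph()->HeapConstant(scope_info));
 ReplaceWithRuntimeCall(node, Runtime::kNewScriptContext);
 }
 
 
 void JSGenericLowering::LowerJSCallConstruct(Node* node) {
 CallConstructParameters const& p = CallConstructParametersOf(node->op());
-int const arity = static_cast<int>(p.arity());
-// TODO(bmeurer): Use the Construct builtin here.
-CallConstructStub stub(isolate(), SUPER_CONSTRUCTOR_CALL);
-CallInterfaceDescriptor d = stub.GetCallInterfaceDescriptor();
+int const arg_count = static_cast<int>(p.arity() - 2);
 CallDescriptor::Flags flags = AdjustFrameStatesForCall(node);
-CallDescriptor* desc =
-Linkage::GetStubCallDescriptor(isolate(), zone(), d, arity - 1, flags);
-Node* stub_code = jsgraph()->HeapConstant(stub.GetCode());
-Node* target = NodeProperties::GetValueInput(node, 0);
-Node* new_target = NodeProperties::GetValueInput(node, arity - 1);
-node->RemoveInput(arity - 1); // Drop new target.
+Callable callable = CodeFactory::Construct(isolate());
+CallDescriptor* desc = Linkage::GetStubCallDescriptor(
+isolate(), zone(), callable.descriptor(), arg_count + 1, flags);
+Node* stub_code = jsgraph()->HeapConstant(callable.code());
+Node* stub_arity = jsgraph()->Int32Constant(arg_count);
+Node* new_target = node->InputAt(arg_count + 1);
+Node* receiver = jsgraph()->UndefinedConstant();
+node->RemoveInput(arg_count + 1); // Drop new target.
 node->InsertInput(zone(), 0, stub_code);
-node->InsertInput(zone(), 1, jsgraph()->Int32Constant(arity - 2));
-node->InsertInput(zone(), 2, target);
-node->InsertInput(zone(), 3, new_target);
-node->InsertInput(zone(), 4, jsgraph()->UndefinedConstant());
+node->InsertInput(zone(), 2, new_target);
+node->InsertInput(zone(), 3, stub_arity);
+node->InsertInput(zone(), 4, receiver);
 NodeProperties::ChangeOp(node, common()->Call(desc));
 }
 
 
 void JSGenericLowering::LowerJSCallFunction(Node* node) {
 CallFunctionParameters const& p = CallFunctionParametersOf(node->op());
 int const arg_count = static_cast<int>(p.arity() - 2);
 ConvertReceiverMode const mode = p.convert_mode();
 Callable callable = CodeFactory::Call(isolate(), mode);
 CallDescriptor::Flags flags = AdjustFrameStatesForCall(node);
@@ -873,10 +871,10 @@
 }
 
 
 MachineOperatorBuilder* JSGenericLowering::machine() const {
 return jsgraph()->machine();
 }
 
 } // namespace compiler
 } // namespace internal
 } // namespace v8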
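Review bot: The final input layout of the lowered Call node in LowerJSCallConstruct is only implied by the insert indices (0, 2, 3, 4): the original input 0 (the construct target, which the removed code read explicitly) silently shifts to index 1 once stub_code is inserted, and nothing states where the receiver lands relative to the remaining arguments. A one-line comment before the first InsertInput would make this readable, e.g. `// Inputs after lowering: code, target, new_target, argc, receiver, args...`. Separately, `p.arity() - 2` is computed without a guard on the arity; if arity() is unsigned (as the static_cast suggests), a node with fewer than two value inputs would underflow and feed a bogus index to InputAt/RemoveInput, so a `DCHECK_LE(2u, p.arity());` before the subtraction would pin the invariant, and the same applies to the unchanged line in LowerJSCallFunction. Whether an arity below 2 can reach this lowering depends on the operator builder, which is outside this hunk.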
